Cross-site Request Forgery (CSRF)

Overview

org.jvnet.hudson.plugins:monitoring is a None

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF).
An attacker may kill threads running on the Jenkins master which can lead to denial of service.
NOTE: Monitoring Plugin does not take into account configuration changes applied after Jenkins startup or after Monitoring Plugin finishes loading. Administrators need to restart Jenkins when enabling or disabling the CSRF protection configuration to apply the change to Monitoring Plugin.

Remediation

Upgrade org.jvnet.hudson.plugins:monitoring to version 1.75 or higher.